In the fourth installment of the Senteon webinar series, Bob Miller addressed a sneaky but serious threat in browser security: automatic downloads. While convenient, allowing websites to download files without user intervention is a dangerous practice that opens the door to malware, ransomware, and other attacks.
“Think of it like this,” Bob began, “would you let someone throw packages into your house without knowing what’s inside? That’s what automatic downloads do.” By disabling this feature in Microsoft Edge, you force users to actively approve every download, ensuring that only trusted files make their way onto your systems. It’s a simple setting, but it’s an important line of defense in preventing unwanted software from slipping through.
Bob highlighted that CIS Benchmarks recommend turning off automatic downloads by default. This reduces the risk of users unintentionally executing malicious files, especially in environments where phishing or drive-by-download attacks are prevalent. It’s not about making things harder for users—it’s about making it harder for attackers.
Bob also delved into the importance of managing extensions. Extensions can make browsing more efficient, but they can also serve as vectors for malicious activity if left unchecked. Bob compared poorly managed extensions to “leaving your toolbox open for anyone to grab what they want.”
By configuring Microsoft Edge to restrict which extensions can be installed, companies can ensure that only vetted, safe extensions are used. Bob shared how CIS Benchmarks help organizations create strict policies around extension usage, minimizing the risk of malware hiding in seemingly helpful tools.
“Extension management isn’t about limiting productivity,” Bob explained. “It’s about ensuring that the tools you use aren’t opening the door for bad actors.”
Rounding out the discussion, Bob revisited authentication settings, underscoring the need to disable basic HTTP authentication and enforce HTTPS across all logins. With basic authentication over plain HTTP, credentials can be intercepted in plain text, a risk too great to ignore.
One of the best ways to reduce exposure is by aligning your authentication settings with CIS Controls. By disabling outdated protocols and ensuring all data is encrypted, you significantly reduce the chances of credentials falling into the wrong hands.
Bob’s mantra for authentication security? “Make sure the locks on your doors are strong, and make sure they’re always locked.”
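The three settings covered in this episode can be checked together. The following is an added example, not code from the webinar or from Senteon: it audits an Edge policy set expressed as JSON (policy name to value). The policy names and values are those of Microsoft's Edge policy reference, which the recap itself does not name, and the sample policy sets are constructed.

```python
import json

# Edge policy names and values below follow Microsoft's Edge policy
# reference; the webinar recap does not name them (assumption of this example).
BLOCK_AUTOMATIC_DOWNLOADS = 2  # DefaultAutomaticDownloadsSetting: 1 = allow, 2 = block


def audit_edge_policy(policy: dict) -> list[str]:
    """Return findings for the three settings; an empty list means all pass."""
    findings = []

    # Unset means the user's own choice applies, so treat it as a finding.
    if policy.get("DefaultAutomaticDownloadsSetting") != BLOCK_AUTOMATIC_DOWNLOADS:
        findings.append("automatic downloads are not blocked by default")

    # Default-deny extensions: "*" in the blocklist, vetted IDs in the allowlist.
    if "*" not in (policy.get("ExtensionInstallBlocklist") or []):
        findings.append("extensions are not blocked by default")

    # Basic auth over plain HTTP stays allowed unless explicitly disabled.
    if policy.get("BasicAuthOverHttpEnabled", True):
        findings.append("Basic authentication over HTTP is allowed")

    return findings


# Constructed sample policy sets (not taken from any real deployment).
WEAK = json.loads('{"DefaultAutomaticDownloadsSetting": 1}')
HARDENED = json.loads("""{
  "DefaultAutomaticDownloadsSetting": 2,
  "ExtensionInstallBlocklist": ["*"],
  "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"],
  "BasicAuthOverHttpEnabled": false
}""")

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_edge_policy(policy) or "OK")
```
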